ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3 @HawaiiFive0 | PT SWARM
@HawaiiFive0day got RCE on his brand new Tesla due to Chrome's patch gap by porting an @Exodusintel Google Chrome exploit. A sandbox escape is in the works!
Contents:
• Identifying and building the vulnerable V8
• Sidebar: Changing commits
• Running the exploit
• Why doesn't it work?
• Troubleshooting with git bisect
• Pointer Compression
• Starting from scratch
• Building fakeobj
• Expanding to arbitrary read/write
• Disassembling a JIT-compiled function, with a surprise
• Running shellcode via WebAssembly
• Further Improvements
• Conclusion
Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles, vulnerabilities, scripts, etc., not necessarily authored by us, that we find interesting...